Jump to content
The mkiv Supra Owners Club

IT experts: Wierd issue with Google/DNS lookup - virus/malware..?


Homer

Recommended Posts

Bit of a stange one... When using google I can be randomonly redirected to other sales/search sites. None of these site appear to be "dodgy" ones, it tends to redirect to other mainstream search engines or price comparison sites such as kelkoo.

 

It can be quite intermittant, e.g. after searching for "shopping", I click on the first link (Next.co.uk), it will redirect to another site, but try it again a few seconds later and it goes to the correct (Next.co.uk) site.

 

One thing I do see is that when clicking the link, it's being redirected to another site, quite often "googleanalytics" pops up as a rediect, however that appears to be a legitimate site.

 

I am using avast and ad-aware and no issues are detected. Another person also experienced the same problem using my internet connection, but was using a different set of antivirus and malware protection. Also, when he changed the DNS from my ISP to OpenDNS the issue went away. The same problem does not occur when using VPN and foreign proxy/DNS. I get the same issue on 2 personal laptops and my desktop, but not my work laptop (which is connected to a company VPN)

 

I'm really not sure what is causing this, it is not coming up in any virus or malware apps (I've tried dozens) and my ISP (Virgin media) says it has no DNS problem.

 

Any ideas what could be causing this?

Link to comment
Share on other sites

This still occurring?

 

It is something very weird on your connection, my laptop hasn't displayed the same issue since moving back to the 3 Mifi unit. I would hazard a guess at DNS poisoning.

 

Have you tried opting out of the Virgin DNS hijacking thing they have?

Link to comment
Share on other sites

Run combofix first then superantispyware, we do this on about 40 pc's a week mate works every time.

 

Tried it, didn't find anything (and you could have warned me what combofix was going to do!!)

 

TDSSKiller is what you're after, I think.

 

Didn't find anything

 

Your ISP dns is the issue, if by using another DNS server the problem goes away you have answered the question, I never use ISP dns servers as they tend to be slow and 90% of the cause for slow internet response ;)

 

It's crazy that Virgin media could be responsible for this, at least 50% of the links I hit get redirected to random sites. I'm going to give them a call

Link to comment
Share on other sites

Had a similar prob with the bt home hub true a factory reset but still did the same so changed it and all was good. If you know anyone with a spare router give it a go.

 

Can't do that with Virgin Media, as the router's MAC is tied to the user's account.

 

Unless it is the WiFi AP that has been poisoned, which is possible to sooooome degree, but not likely I wouldn't have thought.

Link to comment
Share on other sites

Can't do that with Virgin Media, as the router's MAC is tied to the user's account.

 

Unless it is the WiFi AP that has been poisoned, which is possible to sooooome degree, but not likely I wouldn't have thought.

 

Ah shame, don't have virgin here :-(. See how he gets on calling them.

Link to comment
Share on other sites

If you did swap could you not call in the new MAC address to virgin?

 

Nah, virgin are ultra funny with that sort of thing, only their techs can change the modems, they are the property of VM. They can get a little funny if try put a different unit (MAC cloning and cable hacking etc)

Link to comment
Share on other sites

  • 2 weeks later...

Found the issue - the DNS settings on my router had been hyjacked. No idea how they were changed as the password was changed as soon as I installed it... Changed them to OpenDNS and no more problems now :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. You might also be interested in our Guidelines, Privacy Policy and Terms of Use.